https://tech.nicolonsky.ch/tags/azure/Recent content in Azure on Nicola SuterHugo -- gohugo.ioen-US© 2026 Nicola SuterThu, 10 Jan 2019 22:25:00 +0000https://tech.nicolonsky.ch/clean-up-azure-ad-devices/Thu, 10 Jan 2019 22:25:00 +0000https://tech.nicolonsky.ch/clean-up-azure-ad-devices/<p>If you are using Azure AD and the time passes you&rsquo;ll have a lot of old device entries. If you enable the automatic device cleanup rule in Microsoft Intune the device is only removed within MDM and the Azure AD entry still exists.</p> <figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://tech.nicolonsky.ch/content/images/2019/01/image-1.png" class="kg-image"><figcaption>Intune device cleanup rule</figcaption></figure> <p>For this reason I created a tiny PowerShell snippet to create a report with all devices which didn&rsquo;t contact your Azure AD tenant since the treshold date specified. If you confirm the operation you can also delete all affected devices.</p> <!--kg-card-begin: markdown--> <p><mark><em>Please be careful when running the script because when removing a device from Azure AD the stored Bitlocker recovery keys are also removed. I can recommend <a href="http://rzander.azurewebsites.net/bitlocker-management-with-azure-storage-table/">Roger Zander&rsquo;s Azure table-based Bitlocker recovery key solution</a>.</em></mark></p> <!--kg-card-end: markdown--><!--kg-card-begin: markdown--><script src="https://gist.github.com/nicolonsky/231844d2c383396331a94024bffbd7ff.js"> </script><!--kg-card-end: markdown-->https://tech.nicolonsky.ch/office-usage-location-azure-automation/Wed, 09 Jan 2019 15:23:00 +0000https://tech.nicolonsky.ch/office-usage-location-azure-automation/<p>If you want to assign Microsoft licenses to your Azure AD users e.g. Microsoft 365 E3 licenses you can do this with group based licensing as described <a href="https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal" target="_blank" rel="noreferrer">here</a>. <del>The problem is that even with group based licensing the UsageLocation property for each user must be set individually.</del></p> <p><mark>Update: 13.01.2019: Since group based licensing is GA the tenant location is used if no UsageLocation is set on a user object. Use this guide if you want to manually assign licenses or override the tenant settings if you need to configure different UsageLocations.</mark></p> <h2 class="relative group">Possible bulk and automation solutions <div id="possible-bulk-and-automation-solutions" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#possible-bulk-and-automation-solutions" aria-label="Anchor">#</a> </span> </h2> <p>You can achieve this with the following options:</p> <ul> <li>&ldquo;Manual&rdquo; trough Azure or Office 365 portal</li> <li>PowerShell (must be triggered manually or through scheduled task)</li> <li>Azure AD Connect synchronisation (UsageLocation populated in on prem AD)</li> <li><strong>Azure automation with PowerShell runbook as in this post 🙂</strong></li> </ul> <h3 class="relative group">Azure automation sounds expensive? <div id="azure-automation-sounds-expensive" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#azure-automation-sounds-expensive" aria-label="Anchor">#</a> </span> </h3> <p>Fortunately Azure automation offers 500 minutes of script runtime for free. Find more details under Automation pricing. Just to give you an idea: If the executed script has an average runtime of 1 minute you could run it (500 minutes / (30 calendear days / 1 minute script runtime)) = 16x per day. Each month. For free.</p>